1 /*
2 * Copyright (c) 2016, The OpenThread Authors.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. Neither the name of the copyright holder nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /**
30 * @file
31 * This file implements the use of mbedTLS.
32 */
33
34 #include "mbedtls.hpp"
35
36 #include <mbedtls/ctr_drbg.h>
37 #include <mbedtls/debug.h>
38 #include <mbedtls/entropy.h>
39 #include <mbedtls/platform.h>
40 #include <mbedtls/threading.h>
41
42 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
43 #include <mbedtls/pem.h>
44 #endif
45
46 #include "common/code_utils.hpp"
47 #include "common/error.hpp"
48 #include "common/heap.hpp"
49 #include "common/random.hpp"
50
51 namespace ot {
52 namespace Crypto {
53
MbedTls(void)54 MbedTls::MbedTls(void)
55 {
56 #if OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT
57 #ifdef MBEDTLS_DEBUG_C
58 // mbedTLS's debug level is almost the same as OpenThread's
59 mbedtls_debug_set_threshold(OPENTHREAD_CONFIG_LOG_LEVEL);
60 #endif
61 mbedtls_platform_set_calloc_free(Heap::CAlloc, Heap::Free);
62 #endif // OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT
63 }
64
MapError(int aMbedTlsError)65 Error MbedTls::MapError(int aMbedTlsError)
66 {
67 Error error = kErrorNone;
68
69 switch (aMbedTlsError)
70 {
71 #if OPENTHREAD_CONFIG_ECDSA_ENABLE
72 case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
73 case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
74 case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
75 #endif
76 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
77 case MBEDTLS_ERR_PK_TYPE_MISMATCH:
78 case MBEDTLS_ERR_PK_FILE_IO_ERROR:
79 case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
80 case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
81 case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
82 case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
83 case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
84 case MBEDTLS_ERR_PK_INVALID_PUBKEY:
85 case MBEDTLS_ERR_PK_INVALID_ALG:
86 case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
87 case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
88 case MBEDTLS_ERR_X509_SIG_MISMATCH:
89 case MBEDTLS_ERR_X509_BAD_INPUT_DATA:
90 case MBEDTLS_ERR_X509_FILE_IO_ERROR:
91 case MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT:
92 case MBEDTLS_ERR_X509_INVALID_VERSION:
93 case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG:
94 case MBEDTLS_ERR_X509_INVALID_SERIAL:
95 case MBEDTLS_ERR_X509_UNKNOWN_OID:
96 case MBEDTLS_ERR_X509_INVALID_FORMAT:
97 case MBEDTLS_ERR_X509_INVALID_ALG:
98 case MBEDTLS_ERR_X509_INVALID_NAME:
99 case MBEDTLS_ERR_X509_INVALID_DATE:
100 case MBEDTLS_ERR_X509_INVALID_SIGNATURE:
101 case MBEDTLS_ERR_X509_INVALID_EXTENSIONS:
102 case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
103 #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
104 case MBEDTLS_ERR_SSL_BAD_INPUT_DATA:
105 case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
106 case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
107 error = kErrorInvalidArgs;
108 break;
109
110 #if OPENTHREAD_CONFIG_ECDSA_ENABLE
111 case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
112 case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:
113 case MBEDTLS_ERR_MPI_ALLOC_FAILED:
114 #endif
115 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
116 case MBEDTLS_ERR_PEM_ALLOC_FAILED:
117 case MBEDTLS_ERR_PK_ALLOC_FAILED:
118 case MBEDTLS_ERR_X509_BUFFER_TOO_SMALL:
119 case MBEDTLS_ERR_X509_ALLOC_FAILED:
120 #endif
121 case MBEDTLS_ERR_SSL_ALLOC_FAILED:
122 case MBEDTLS_ERR_SSL_WANT_WRITE:
123 case MBEDTLS_ERR_ENTROPY_MAX_SOURCES:
124 error = kErrorNoBufs;
125 break;
126
127 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
128 case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
129 case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
130 case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE:
131 case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
132 #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
133 case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
134 case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
135 case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
136 case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
137 #if (MBEDTLS_VERSION_NUMBER < 0x03000000)
138 case MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED:
139 #endif
140 case MBEDTLS_ERR_THREADING_BAD_INPUT_DATA:
141 case MBEDTLS_ERR_THREADING_MUTEX_ERROR:
142 error = kErrorSecurity;
143 break;
144
145 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
146 case MBEDTLS_ERR_X509_FATAL_ERROR:
147 error = kErrorFailed;
148 break;
149 #endif
150 case MBEDTLS_ERR_SSL_TIMEOUT:
151 case MBEDTLS_ERR_SSL_WANT_READ:
152 error = kErrorBusy;
153 break;
154
155 #if OPENTHREAD_CONFIG_ECDSA_ENABLE
156 case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
157 error = kErrorNotCapable;
158 break;
159 #endif
160
161 default:
162 if (aMbedTlsError < 0)
163 {
164 error = kErrorFailed;
165 }
166
167 break;
168 }
169
170 return error;
171 }
172
173 #if !OPENTHREAD_RADIO
174
CryptoSecurePrng(void *,unsigned char * aBuffer,size_t aSize)175 int MbedTls::CryptoSecurePrng(void *, unsigned char *aBuffer, size_t aSize)
176 {
177 IgnoreError(ot::Random::Crypto::FillBuffer(aBuffer, static_cast<uint16_t>(aSize)));
178
179 return 0;
180 }
181
182 #endif // !OPENTHREAD_RADIO
183
184 } // namespace Crypto
185 } // namespace ot
186
